+385912539111
·
office@loc.hr
·
Mon - Fri 09:00-17:00

Privacy Policy

Privacy Policy for the Website www.loc.hr

Who is the Controller of your Personal Data?

 

Law Firm Crnković & Partners LLC, Ilica 5, 10000 Zagreb, OIB: 46923837013, email address: crnkovic@loc.hr (hereinafter: the “Controller“), respects your privacy and is committed to protecting it during and after your visit to this website (hereinafter: the “Website“), your visits to our business locations, and when you use any of our products or services. To protect the personal data processed, we have implemented appropriate physical, electronic, and managerial procedures. However, due to the inherent open nature of the internet, we cannot guarantee that communication between you and us or the information stored on this Website or on our servers will be completely secure from unauthorized access by third parties. Therefore, we have established policies that define how your personal data will be processed and protected.

 

By accessing the Website, visiting our business locations, and using our services, you accept this Privacy Policy. This Privacy Policy is subject to changes.

 

As the Controller, we process your personal data in accordance with applicable data protection rules, particularly in compliance with the General Data Protection Regulation (EU) 679/2016 (hereinafter: the “GDPR”) and the Act on the Implementation of the General Data Protection Regulation (NN 42/2018).

 

Types of personal data processed, purpose, and legal basis for processing personal data

As the Controller, we process your personal data, including information that can directly or indirectly identify you, particularly through identifiers such as your name, surname, email address, phone number, photographs and recordings, IP address, and other personal data you may provide when communicating with us, fulfilling a contractual relationship, participating in events, or accessing our business locations (“Personal Data”), especially in the following cases:

  • When you contact us via the website form or email,
  • When we process your job application or inquiry,
  • When you access our website,
  • When you visit our business locations,
  • When we issue an “R1” invoice for products/services,
  • When we collaborate with you as our suppliers or business partners.

 

We process personal data based on your consent, legitimate interest, performance of a contractual obligation, or legal obligation. The processing of Personal Data is limited to the purposes for which it was collected, in accordance with the conditions of this Privacy Policy.

 

When processing data based on your consent, we process only the personal data you have voluntarily provided during communication with us, for the purpose of responding to your inquiries or processing your job application. The purpose of such processing includes taking steps at your request, such as answering questions, receiving proposals, or handling unsolicited applications and applications for published vacancies.

Based on legitimate interest, we process personal data when you access our website (IP address). The purpose of such processing includes investigating suspected fraud, harassment, physical threats, or other violations of Website rules, as well as any suspicious behaviour we deem inappropriate. We may process recordings or images of participants at our events for the purpose of event promotion.

To fulfil contractual obligations and comply with legal and regulatory requirements, we are required to process your personal data when you use our services. In particular, we process the data of business partners (e.g., arrangements for the provision of services), as well as the contact details of business partners who are natural persons and their employees (e.g., name, surname, official phone/mobile number, email address), as well as customers who request the issuance of an “R1” invoice.

Unsolicited Job Applications and Open Positions

We process unsolicited job applications from candidates interested in working with us and applications for open positions we advertise in a manner that ensures access to such personal data is restricted to authorized personnel only. The data are kept for two years from the date of receipt of the unsolicited application

Storage of Personal Data

We process personal data only for the duration necessary to achieve the purpose of its processing.

Personal data processed based on consent is processed only until consent is withdrawn, while you may object to the processing of personal data based on legitimate interest. Unsolicited applications and applications for advertised positions are kept for two years from the date of receipt. Other personal data processed based on your inquiries is retained for no longer than six months from the date of receipt. Data relating to business partners is retained until the termination of the business relationship and is not shared with third parties or transferred to third countries. In this context, we do not collect any private data but only information related to the fulfilment of professional duties.

All other personal data processed based on the performance of a contractual relationship or legal obligation is stored in accordance with applicable regulations, which define the retention periods (e.g., the Accounting Act). Exceptionally, your personal data may be kept beyond these periods when necessary for the fulfilment of mutual legal claims.

At the end of these periods, personal data stored on paper will be securely destroyed, for example, by shredding, while electronic data will be permanently deleted.

Your personal data may be disclosed in the following cases:

  • To entities maintaining our IT systems
  • To entities authorized by us to process Personal Data, who are subject to an appropriate legal obligation of confidentiality (e.g., accounting services)
  • To law enforcement agencies and public authorities when required by applicable law or in good faith (for the purpose of protecting and defending our rights and/or property or acting in emergency circumstances to protect the personal safety of our clients, employees, the Website, or the public)
  • To business partners for their needs, but only in accordance with the appropriate legal grounds.

 

Transfer of Personal Data to Third Countries

The data we collect is stored within the European Union (EU) and the European Economic Area (EEA), except for Switzerland, but it may also be transferred to and processed in countries outside the EU and EEA. Any such transfer of personal data will be carried out in accordance with applicable legal regulations. For transfers outside the EEA, we rely on standard contractual clauses, adequacy decisions, or appropriate safeguards, ensuring adequate protection of personal data.

Cookies

Our website uses cookies. We use cookies to provide you with our services and fulfil legal obligations. With your consent, we may also use cookies to analyse traffic on our website or to provide support.

Cookies are text files stored in your computer system via an internet browser.

The Electronic Communications Act stipulates that we can store cookies on your device if they are strictly necessary for the operation of this website. For all other types of cookies, we require your consent. This website uses different types of cookies. Some cookies are set by third parties that appear on our website.

Essential cookies

Essential cookies help make the website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies. Essential cookies may be stored regardless of the user’s consent in accordance with legal regulations.

COOKIE

DOMAIN

PURPOSE

DURATION

PH_HPXY_CHECK

loc.hr

Cookie generated by PHP-based applications. This is a general-purpose identifier used to maintain user session variables. It is typically a randomly generated number, and how it is used may be site-specific, e.g., keeping users logged in between links on the same page.

 

1 session

wp-wpml_current_language

loc.hr

Cookie associated with the WPML multilingual WordPress plugin. Stores the language value for the website. Where the cookie is set in response to user action or request, and while it has a short lifespan, it can be treated as strictly necessary.

1 session

 

Consent Management

You may revoke any consent you have granted us at any time.

If you revoke your consent, we will no longer process your data for the specified purposes. However, this does not affect the lawfulness of the processing conducted prior to the revocation.

Your Rights

a) Right to Rectification:

If we process your personal data that is incomplete or inaccurate, you may request that we correct or supplement such data at any time.

b) Right to Access:

You have the right to receive confirmation as to whether or not we are processing your personal data. Where this is the case, you may request access to the data under the conditions outlined in Article 15 of the General Data Protection Regulation (GDPR).

c) Right to Erasure:

You may request the deletion of your personal data if it has been processed unlawfully or if such processing constitutes a disproportionate intrusion into your protected interests. Please note that there may be reasons that prevent immediate deletion, such as compliance with a legal obligation requiring processing.

d) Right to Restriction of Processing:

You may request that we restrict the processing of your personal dana:

  • if you contest the accuracy of the data, for a period that allows us to verify its accuracy;
  • if the processing is unlawful, but you oppose erasure and instead request the restriction of use;
  • if we no longer need the data for the intended purposes, but you require it to assert, exercise, or defend legal claims; or;
  • if you have lodged an objection to the processing of the data.

e) Right to Data Portability:

You may request that we provide you with the personal data you have entrusted to us for archiving in a structured, commonly used, and machine-readable format:

  • if we process the data based on your consent, which you may revoke, or for the performance of a contract; and
  • if the processing is carried out using automated means.

f) Right to Object:

If we process your data to perform tasks in the public interest or tasks of public authorities, or if we rely on our legitimate interests when processing your data, you may object to such processing if there is an overriding interest in protecting your data.

g) Right to Lodge a Complaint:

If you believe that our processing of your personal data has violated Croatian or European data protection regulations, please contact us to resolve any concerns. You also have the right to lodge a complaint with the competent supervisory authority, which is the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka), located at Selska 136, Zagreb.

Exercising Your Rights

If you wish to exercise any of the rights listed, please contact us using the contact details provided in this privacy policy.

When submitting a request to exercise your rights, we are required to first verify your identity, and for this purpose, we may request additional information for verification. This is done to protect your rights and privacy.

If you exercise any of the aforementioned rights excessively and with the apparent intent to misuse them, we may charge an administrative fee or refuse to process your request.

Changes and Updates to Our Privacy Policy

We reserve the right to modify or update this Privacy Policy at any time without prior notice. Please check from time to time for any changes or updates to our Privacy Policy.